Fake Apple iCloud Password-Reset Phishing
Phishing emails impersonating Apple claim an iCloud password reset was requested and direct recipients to a fake Apple sign-in page that harvests their Apple ID credentials and two-factor codes.
Last reviewed: 7 June 2026
iCloud stores the photos, contacts, notes, and device backups that represent years of digital life for Apple users. A 'password reset requested' notification for iCloud triggers two competing fears simultaneously: the account may already be under attack, and ignoring the message might allow an attacker to complete a takeover. Scammers exploit precisely this anxiety to drive urgent clicks.
Apple does send genuine password-reset confirmation emails when a reset is initiated — the content and format are well known and easily copied by attackers. A fake version that arrives during a moment of distraction can be indistinguishable from the real thing at first glance.
The stakes are particularly high because an Apple ID also controls Find My, which can remotely erase devices. A successful credential theft can mean not just losing account access but losing every photo and document backed up to iCloud.
How this scam works on the Apple brand
Apple sends password-reset notifications from [email protected] and directs recipients to appleid.apple.com only. The genuine email states that a password reset was requested and provides two options: 'If you did not request a password reset, you can ignore this email — your password will not change.' No action is required from someone who did not initiate the reset.
Fake emails deviate from this structure by adding urgency: 'If this was not you, click here immediately to secure your account.' This 'secure your account' link leads to a phishing page. The fake page requests the Apple ID email address and password, followed by a two-factor authentication code, in real time.
Because Apple users are conditioned to take iCloud security alerts seriously, the window between notification and action is very short. Attackers know this and often send fake reset notifications in the early morning when recipients are less alert.
Common red flags
- Sender address is not [email protected] or a verified @apple.com domain
- The email urgently asks you to click a link to 'stop' the password reset — real Apple reset emails say to ignore the email if you did not request it
- The link destination is not appleid.apple.com
- The sign-in page requests your two-factor code immediately after your password
- You already checked appleid.apple.com directly and no reset request appears in your security activity
- The email contains an unfamiliar case number or reference you do not recognise from any prior Apple interaction
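The sender, link-destination and wording red flags above can be checked mechanically. The following Python is an added example, not part of the original article or any Apple tooling; the sample messages, their addresses and hosts, and the acceptance of apple.com subdomains as sender domains are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_LINK_HOST = "appleid.apple.com"  # the only destination the article names
# Wording the article attributes to the fake email, not to the genuine one.
URGENCY = re.compile(r"click\s+here\s+immediately|secure\s+your\s+account", re.I)

class _Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def link_host(url):
    # Compare the parsed hostname, not a substring: "appleid.apple.com" used as
    # userinfo or as a left-hand label of another domain must not pass.
    return (urlsplit(url.strip()).hostname or "").rstrip(".").lower()

def red_flags(raw_email):
    msg = message_from_string(raw_email)
    flags = []
    # The From header is sender-controlled: a match proves nothing,
    # only a mismatch is informative.
    domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    if domain != "apple.com" and not domain.endswith(".apple.com"):
        flags.append("sender-domain:" + domain)
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_maintype() == "text")
    parser = _Links()
    parser.feed(body)
    hosts = [link_host(h) for h in parser.hrefs
             if urlsplit(h.strip()).scheme in ("http", "https")]
    flags += ["link-host:" + h for h in hosts if h != ALLOWED_LINK_HOST]
    if URGENCY.search(body):
        flags.append("urgency-wording")
    return flags

# Constructed sample messages; every address and host is a placeholder.
FAKE = ("From: Apple <alerts@apple-id-notice.example>\nContent-Type: text/html\n\n"
        '<p>If this was not you, <a href="https://appleid.apple.com.verify.example/r">'
        "click here immediately</a> to secure your account.</p>\n")
GENUINE_STYLE = ("From: Apple <placeholder@apple.com>\nContent-Type: text/html\n\n"
        "<p>If you did not request a password reset, you can ignore this email.</p>\n"
        '<p><a href="https://appleid.apple.com/">Apple ID</a></p>\n')
```

An empty result only means none of these three flags fired; it does not authenticate the message.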
How to protect yourself
- Go directly to appleid.apple.com to check recent security activity if you receive an unexpected reset notification
- Real Apple password reset emails require no action if you did not initiate the reset — the reset simply does not happen
- Enable two-factor authentication on your Apple ID using the Apple Authenticator app or a trusted device
- Add a recovery key in your Apple ID security settings for an extra layer of protection
- Review trusted phone numbers and devices at appleid.apple.com > Security and remove any you do not recognise
How to report it
- Forward the phishing email to [email protected]
- Report to the FTC at reportfraud.ftc.gov (US) or to Action Fraud at actionfraud.police.uk (UK)
- If your Apple ID was accessed, contact Apple Support at apple.com/support for account recovery
- Submit the phishing URL to Google Safe Browsing at safebrowsing.google.com/safebrowsing/report_phish
Frequently asked questions
What should I do if I receive a genuine Apple password-reset email that I did not request?
According to Apple's own guidance, if you did not request a password reset you can ignore the email — your password will not be changed. There is no action required. However, receiving such an email can indicate someone knows your Apple ID email address and is attempting access, so consider changing your password proactively via appleid.apple.com.
Can an attacker complete a password reset on my Apple ID without my two-factor code?
No, if two-factor authentication is enabled. Apple's password reset process requires both the reset link and access to a trusted device or trusted phone number to receive the six-digit code. This is why two-factor authentication is critical — it prevents a password reset even if someone has your email address.
My Apple ID password was changed without my knowledge. How do I recover it?
Visit iforgot.apple.com to initiate recovery. If recovery options have been changed, use Apple's Account Recovery process. Contact Apple Support at support.apple.com if you are locked out — recovery can take several days if recovery options have been modified by an attacker.